Information & Data Security Policy
The Company's information and data will be protected by use of the following measures:
- Ensuring appropriate destruction of Sterling RISQ SPII* data (cross cut shredding of paper documents and physical destruction or degaussing of electronic media)
- Performing due-diligence checks on employees handling SPII data to help prevent the employment of individuals who have previous convictions such as drug offences, burglary, or fraud-related offenses
- Conducting awareness training for employees or contractors with access to Sterling RISQ data
- Establishing access controls for electronic access to Sterling RISQ data that:
- Ensure users only have access to data needed to perform their job function;
- Include user name and password authentication;
- Ensure access of users is revoked immediately upon termination of employee/contractor; and
- Log and monitor administrative access for inappropriate activities
- Requiring employees and contractors to maintain a "clean desk" ensuring any Sterling RISQ data is not conspicuously available in hardcopy or on removable media
- Implementing security technology controls such as firewalls, intrusion detection devices and anti-virus software, as appropriate
- Ensuring appropriate levels of protection of Sterling RISQ data as it is stored or transferred across public networks (e.g., encrypt SPII data (utilizing 128 bit encryption technology) if transferred over public networks)
- Ensuring appropriate physical security controls where Sterling RISQ data is stored including door locks, monitoring of employee access to buildings and escorting of visitors.
- Establishing procedures to notify Sterling RISQ immediately of any potential breaches of Sterling RISQ data.
- Ensuring that laptop computers and other mobile devices containing Sterling RISQ data are protected by never leaving them unattended or unsecured
- Evaluating any vendors providing Third Party Service Provider with services involving the handling of Sterling RISQ data to ensure the vendor has implemented adequate information and physical security controls.
|The Privacy Officer|
GPO Box 2639
Sydney NSW 2000 Australia
|The Privacy Officer|
101 Thomson Road
#10-01 United Square
To know more Contact Us